Hacker News new | ask | show | jobs
by Joker_vD 4 days ago
> It also implies an unbounded and user-controlled cache key,

The query part of GET's URI is also barely bounded in practice and user-controlled, and is indeed used as part of the cache key (because it's a part of URI), so I am not sure why you raise this objection at all.
2 comments
giancarlostoro 4 days ago
> and user-controlled

I've found some sites that tack on a session ID and if you try to tamper with the URL in any way, it sends you back to "Page 1" really annoys me lol at that point let me skip to any page with your web UI.

link
PunchyHamster 4 days ago
Well, because it is more code. Current caching software caches by headers + query string. It now needs to be expaned to cache by body too.

It feels very pointless and there is no drawback of just using POST

link
OvervCW 4 days ago
There is: your browser or other type of client does not know it can repeat a POST request if it fails, whereas a QUERY request can be freely repeated in case of errors.
link
spockz 3 days ago
Not freely. It is idempotent, not safe. So it still can have serious load consequences.
link
Joker_vD 3 days ago 

    Unlike POST, however, the method is explicitly safe and idempotent, allowing
    functions like caching and automatic retries to operate.
link
spockz 2 days ago
Yes. That is what the spec says. However, if the search query is expensive you need some form of caching. Either on the endpoint itself caching the data, or the mechanism with location to redirect to the location of the result.
link
account42 3 days ago
Putting something in a spec does not automatically make it true. In the real world if you repeat expensive queries more than an undefined amount you get blocked or at least bot-checked.
link
projektfu 3 days ago
From the browser POV it doesn't need to ask if you want to re-send data.
link
themgt 3 days ago
Putting something in a spec does not automatically make it true.

Terrible news for computing.

link
afavour 4 days ago
Is caching not the primary reason to use this over POST? You should never want to cache POST requests.
link
drdexebtjl 3 days ago
No. Being idempotent, it also lets the browser/client/reverse proxy retry it if it fails.
link
nfw2 3 days ago
Technically a put or a patch is also idempotent. The benefits are idempotent and safe (and semantically appropriate). Post (generally) communicates something is changing whereas a query doesn't
link
gamache 3 days ago
PUT is idempotent, PATCH is not always. The semantics of a PATCH payload are up to the server and standards like JSON Patch (RFC 6902, https://datatracker.ietf.org/doc/html/rfc6902) allow non-idempotent operations like adding an item to a list.
link
nfw2 3 days ago
I stand corrected although using patch this way seems goofy to me.
link